7.13. Disabling SASL Mechanisms
supportedSASLMechanismslists the SASL mechanisms that are currently supported by the Directory Server instance. However, editing that attribute does not change which mechanisms are supported. Directory Server uses the installed Cyrus SASL libraries to generate the list of supported SASL mechanisms. These libraries are located in
- Create a private SASL directory for the Directory Server instance to use. For example:
- Open that directory.
- Create symlinks from the Cyrus SASL directory plug-ins to the instance directory. For example:
[root@server ~]# cd /etc/dirsrv/slapd-instance_name/sasl2 ; for file in /usr/lib64/sasl2/*.so* ; do ln -s $file done
- Remove the symlinks for the mechanisms that should not be supported in the Directory Server instance. For example:
- Edit the Directory Server start shell script so that it uses the Directory Server instance's SASL directory.
vim /usr/lib/dirsrv/slapd-example/start-slapd SASL_PATH=/etc/dirsrv/slapd-instance_name/sasl2 ; export SASL_PATH
- Restart the Directory Server.
service dirsrv restart